From 247a4258b21246e04f9c2f55b442f49d7fe8c956 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?=
Date: Mon, 30 Sep 2024 13:57:10 +0200
Subject: [PATCH 1/3] No certificate for Garage web root domain
---
 fediversity/garage.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/fediversity/garage.nix b/fediversity/garage.nix
index 0dd0d7f..c334afc 100644
--- a/fediversity/garage.nix
+++ b/fediversity/garage.nix
@@ -159,10 +159,9 @@ in
 };
 };
- services.nginx.virtualHosts.${fedicfg.web.rootDomain} = {
+ services.nginx.virtualHosts.${fedicfg.web.domainForBucket "pixelfed"} = {
 forceSSL = true;
 enableACME = true;
- serverAliases = lib.mapAttrsToList (bucket: _: fedicfg.web.domainForBucket bucket) cfg.ensureBuckets; ## TODO: use wildcard certificates?
 locations."/" = {
 proxyPass = "http://localhost:3902";
 extraConfig = ''
--
2.44.1
From 4c8d380e9eaa673b63b3d2167f8fa0a346e34591 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?=
Date: Tue, 1 Oct 2024 18:18:47 +0200
Subject: [PATCH 2/3] Proxy all buckets that have `website = true`
---
 fediversity/garage.nix | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/fediversity/garage.nix b/fediversity/garage.nix
index c334afc..5b1d32d 100644
--- a/fediversity/garage.nix
+++ b/fediversity/garage.nix
@@ -14,6 +14,7 @@ let
 inherit (builtins) toString;
 inherit (lib) types mkOption mkEnableOption optionalString concatStringsSep;
 inherit (lib.strings) escapeShellArg;
+ inherit (lib.attrsets) filterAttrs mapAttrs';
 cfg = config.services.garage;
 fedicfg = config.fediversity.internal.garage;
 concatMapAttrs = scriptFn: attrset: concatStringsSep "\n" (lib.mapAttrsToList scriptFn attrset);
@@ -159,16 +160,23 @@ in }; }; - services.nginx.virtualHosts.${fedicfg.web.domainForBucket "pixelfed"} = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://localhost:3902"; - extraConfig = '' - proxy_set_header Host $host; - ''; - }; - }; + ## Create a proxy from .web.garage. to localhost:3902 for + ## each bucket that has `website = true`. + services.nginx.virtualHosts = + let + value = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:3902"; + extraConfig = '' + proxy_set_header Host $host; + ''; + }; + }; + in mapAttrs' + (bucket: _: {name = fedicfg.web.domainForBucket bucket; inherit value;}) + (filterAttrs (_: {website, ...}: website) cfg.ensureBuckets); systemd.services.ensure-garage = { after = [ "garage.service" ]; -- 2.44.1 From b36166ccc052a317e6684c975132acb994c1b9a0 Mon Sep 17 00:00:00 2001 From: Taeer Bar-Yam Date: Tue, 1 Oct 2024 17:08:09 -0400 Subject: [PATCH 3/3] fix test to not use ACME/SSL (again) --- vm/garage-vm.nix | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/vm/garage-vm.nix b/vm/garage-vm.nix index a8f78f3..0ad6998 100644 --- a/vm/garage-vm.nix +++ b/vm/garage-vm.nix @@ -1,17 +1,24 @@ { lib, config, modulesPath, ... }: let - inherit (lib) mkVMOverride; + inherit (lib) mkVMOverride mapAttrs' filterAttrs; + + cfg = config.services.garage; fedicfg = config.fediversity.internal.garage; in { imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ]; - services.nginx.virtualHosts.${fedicfg.web.rootDomain} = { - forceSSL = mkVMOverride false; - enableACME = mkVMOverride false; - }; + services.nginx.virtualHosts = + let + value = { + forceSSL = mkVMOverride false; + enableACME = mkVMOverride false; + }; + in mapAttrs' + (bucket: _: {name = fedicfg.web.domainForBucket bucket; inherit value;}) + (filterAttrs (_: {website, ...}: website) cfg.ensureBuckets); virtualisation.diskSize = 2048; virtualisation.forwardPorts = [ -- 2.44.1
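Review bot: The `filterAttrs (_: {website, ...}: website) cfg.ensureBuckets` filter in the garage.nix hunk decides only which hostnames get an nginx vhost and an ACME certificate; it is not what keeps a non-website bucket private. Every generated vhost forwards the client's `Host` unchanged to the Garage web endpoint on `localhost:3902`, and nginx hands requests for unlisted names to its default server, so exposure is ultimately governed by the website setting Garage holds for each bucket (presumably applied by `ensure-garage`, whose body lies outside this hunk). I would state that next to the new comment, e.g. `## NOTE: this only selects vhosts/certificates; Garage's per-bucket website flag is what gates access.`, and consider a catch-all default vhost that rejects unknown hosts. The destructuring also assumes every bucket carries a `website` attribute, which holds only if the option declares a default.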
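Review bot: The `mapAttrs'`/`filterAttrs` expression in the vm/garage-vm.nix hunk is a copy of the one in `fediversity/garage.nix`, and the two must produce exactly the same attribute names for the override to land on the right vhosts. If they drift, a website bucket's vhost keeps `forceSSL`/`enableACME` in the VM, or a vhost carrying only these two overrides is created, which looks like the mismatch this commit is fixing "again", judging by its title. Computing the set of website-bucket domains once and reading it from both modules would remove that coupling; until then a comment such as `## Must yield the same vhost names as fediversity/garage.nix` helps. Since this module turns off TLS for the bucket sites, a comment should also say that it is only meant to be imported for VM tests.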